spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gregorie <mar...@gregorie.org>
Subject Re: improving the score for specific types of spam
Date Wed, 13 Jul 2011 14:21:45 GMT
On Wed, 2011-07-13 at 15:29 +0200, J4K wrote:
> On 07/13/2011 02:43 PM, Martin Gregorie wrote:
> > On Wed, 2011-07-13 at 14:06 +0200, J4K wrote:
> >
> > I assume you tested it as well as running it through lint ("spamassassin
> > <spam_sample.txt"), so is it firing on samples of that type of spam?
> >
> > Comments: As written the rule won't work because __PR2 assumes that the
> > domain name starts at the beginning of the URI but you said that the
> > URIs typically contain a user name and '@'. Also, I'd probably
> > generalise __PR2 to something like:
> >
> > uri  __PR2 /(joblists.com|gb-totaljob.com)/i
> >
> > on the assumption that when you wrote 'europ-joblist.com' you meant
> > 'europ-joblists.com'. This change will probably run faster and possibly
> > catch more spam too, especially if there is a Canadian or Scandinavian
> > office.
> >
> >
> > Martin
> >
> >
> Thank-you Martin.  I modified the rule as suggested. I
> 
> I ran it through spamassassin > test.txt, but the rule was not triggered
> even though the Subject was: Vacancy - apply online, and the content
> contained the email address: Trenton@totaljoblists.net
> I looked with -D, and there is no mention of PRIVATE_RULE1.
> 
Indeed. the __PR2 regex won't match "joblists.net" though it would if
you changed it to:

	/(joblists\.(com|net)|gb-totaljob\.com)/i

I strongly suggest you learn a bit more about Perl regular expressions,
either from one of the many tutorials on the 'net or by getting a copy
of the O'Reilly "Camel" book 'Programming PERL'.

Secondly, you need to read up on SA rules and how to write them. This is
all on the SA website. Subrules whose names start with a double
underscore are never shown when they fire, so its a good idea to run
initial tests with the subrules (and references to them) with the
underscores removed so you can see which subrules fire. When they are
working correctly, put the underscores back, re-lint and *retest* the
rule before putting it live.

Thirdly, I find it useful to have an SA installation on a second machine
that I can use for rule development without affecting my main system.
When I'm happy with the rule, I copy the affected SA configuration files
over to the live system and restart SA. 


Martin



Mime
View raw message